Understanding Lawson Security: Basics, Hierarchy, and Administration Tools

This comprehensive guide covers essential aspects of Lawson Security, including an overview of security components, user roles, secured objects, and implementation methodology. Learn about the hierarchy structure, what can be secured, rules, and the tools available for security administrators and RM administrators. Discover how to log in and manage security profiles, classes, rules, roles, and user profiles effectively.

• Lawson Security
• Hierarchy
• Administration Tools
• User Roles
• Secured Objects

boy_se Follow

Uploaded on Oct 04, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Lawson Security The basics to get you started

2. Are you on Lawson Security? Poll Lawson Sec LAUA No 10% 48% 42%

3. What is covered Overview of security past and present Introduction to components and terminology Introduction to the tools and menus A few simple tasks that you re likely to perform Implementation methodology Troubleshooting

4. LAUA Security Security Class User Secured Objects HR00 PR12 HR01 PR13 HR04 PR51 HR07 PR52 HRGENCLASS HR09 PR67 HR10 PR68 HR11 HR12 PA52 PA100

5. LSF Security User Security Roles Security Classes HRSETUPCLASS HR00 HR01 HR04 HR07 PRACCESSCLASS PR12 PR13 PR51 PR52 PR67 PR68 HRGENROLE HREMPCLASS . HR10 HR09 HR11 HR12 PRADROLE PAACTCLASS DATAACCESS PA52 PA100

6. The Hierarchy (in one profile) User has many oRoleshave many Security Classes have many oRules

7. What can you secure? Online: Online Screens (e.g. HR11, PR13, GL00, PO20 ) Batch: Batch programs (e.g. PA100, HR211, PR198, GL190 ) Files: Database Tables Elements Not in this presentation Element Groups Not in this presentation Data Source: The Productline Securable Type o Form o Program o Table

8. Rule? Grant All Access Deny Any Access Unconditional Access to Action Conditional Rule Access

9. The Tools Security Administrator o Manage Security Profiles o Add/Edit Security classes o Add/Edit Security rules o Assign classes to roles o Manage user profiles o Run security reports o Manage security settings RM Administrator o Add/Edit Groups o Add/Edit Roles

10. How to log in For either the Security Administrator or RM Administrator o Server: Same sever as your Portal URL (you don t need to type in the Http:// o User: Has to be a security administrator (there are other user types but for now ) o Password: Same password as used on Portal

11. Menus Add/Edit Users Add Roles to users Manage identities Add users to groups Add/Edit security Classes Assign a Class to A Role Create an run reports

12. Simple Task 1: Add a role to a user Log into the Security Administrator Select User Management section on left side bar Click on User Maintenance . Opens new window. Search for the user name by last name. o HINT: You can use wildcards. e.g. Rez* will bring back Rezaei Right-click the row and select Edit RM Information With the Role row highlighted, click on the button to the right Skip to End ; Back ; Check Description ; Next Select Desired role and click the > button Click Finish Close the Change RM Object window Acknowledge saving the record Viola

13. User Search/Edit Right Click

14. RM Record Should be set to Yes

15. Assigning Roles

16. Assigning Roles

17. Assigning Roles

18. Simple Task 2: Grant Access to online Screen Log into the Security Administrator Double Click the Profile ID your classes reside in (PRD) Double Click the Security Class to add access to Click the Add Rule button Select the securable type. Example: Online Expand the system code your securable object is under. Example IF Check the object you want to grant access to. Example: CU01 o Select Grant All Access on the right and click Apply o Expand the screen name and select the token you want to grant access to. Example CU01.1 Select Grant All Access on the right and click Apply Viola: As long as you have access to the system code (Example IF ) and the DataSource (Example PROD ).

19. Granting Access to CU01.1

20. Did you catch that? To grant access to a securable object like a screen, a batch job, or a database table, you need to grant access to the productline and the system code it resides in. In order to grant access to a specific screen token (like HR11.1). You also need to grant access to the screen (HR11). The fields and tabs in the token are automatically granted unless you deny them specifically.

21. Simple Task 3: Grant Access Prod Log into the Security Administrator Double Click the Profile ID your classes reside in (PRD) Click Add (to add a new Security Class) Name your security class (e.g. ProdAccess ), add a description and click ADD Click Refresh scroll double click your new class. Add Rule Select Data Sources from securable type Select Prod ; on the right select Grant All Access Click Apply Viola

22. Drop downs and Drills Must grant access to the tables the select or drill draws data from. Table information can be found in the <system code>.or and <System Code>.sr files in $LAWDIR/Productline/??src

23. Couple of other things LSF Security is grant based. If in any of assigned classes access is granted then the user has access. EVEN IF it s explicitly denied in another one of the user s classes. You can write conditional rules based on lots of things. Here are some examples: o Data Elements: Company, Process_level, Department, Job_Code o Screen Fields o User Profile information o Date/Time o Structures o Elements / Element Groups o Identities

24. Implementation 50% Planning 30% Development 20% Testing

25. Methodology Come up with a good naming convention for roles and classes before you do anything else. These should make sense at a glance and be easy to classify and sorting them should also group them. Start with Roles in the company Determine Tasks each role needs to perform (These will be your security classes) Determine what each task is composed of (These will be your rules) Assign classes to roles Assign roles to users Do one user group at a time, not all at once

26. Troubleshooting If all else fails in your troubleshooting make sure to: o Perform an IOSCacheRefresh o Clear all your browsing history and restart the browser o Remove all other roles but the one you re testing from the user o Run a security report o Check security log files in $LAWDIR/system/ o Clear Security Cache under the Server Management section of the security administrator o Reduce the CACHING_INTERVAL under the server settings in the Server Management section of the security administrator o Try it in LID o Take a break

27. Next Webinar Microsoft Add-ins Simple queries and data loads. July25 www.nogalis.com/education.html

28. Q/A Q/A @nogalisinc